Nginx Web Application Firewall: Secure Your Site with ModSecurity

Protect your web applications from SQL injection, cross-site scripting (XSS), and common web exploits. Learn how to install and configure ModSecurity with Nginx.

This guide shows how to protect your website using NGINX and ModSecurity, leveraging the open-source project “The World Is Yours” as a ready-to-use Web Application Firewall setup. It walks through deploying ModSecurity with NGINX, enabling core security rules, and blocking common attacks such as SQL injection, XSS, and malicious bots. The article focuses on practical configuration, performance-safe protection, and real-world hardening techniques suitable for production environments.

Install via APT Repository

You can add our raweb repository for easy apt installation on Debian and Ubuntu.

Debian 13 (trixie)

sudo install -d /etc/apt/keyrings
sudo curl -fsSL https://apt.julio.al/repository/public/keys/raweb.asc -o /etc/apt/keyrings/raweb.asc
echo "deb [signed-by=/etc/apt/keyrings/raweb.asc] https://apt.julio.al/repository/raweb-trixie trixie main" | sudo tee /etc/apt/sources.list.d/raweb.list
sudo apt update && sudo apt install twiy

Ubuntu 26.04 LTS (raccoon)

sudo install -d /etc/apt/keyrings
sudo curl -fsSL https://apt.julio.al/repository/public/keys/raweb.asc -o /etc/apt/keyrings/raweb.asc
echo "deb [signed-by=/etc/apt/keyrings/raweb.asc] https://apt.julio.al/repository/raweb-raccoon raccoon main" | sudo tee /etc/apt/sources.list.d/raweb.list
sudo apt update && sudo apt install twiy

Compile from source

apt-get -y install git
cd /root/
git clone https://github.com/theraw/The-World-Is-Yours.git
cd The-World-Is-Yours/

bash build/run.sh new
bash build/run.sh build
bash build/run.sh postfix

To build a custom nginx version, open the version file, change the versions, then run:

bash build/run.sh new
bash build/run.sh build

CLI Info

bash build/run.sh new     => Downloads nginx and all modules that are missing from /opt/. (If you change versions in the 'version' file, simply rerun this to download again.)

bash build/run.sh build   => Compiles nginx and nothing else. (You can run this as many times as you need; it does not replace configs.)

bash build/run.sh postfix => Re-downloads /nginx/nginx.conf every time you run it. (Suggested to run only once, when you install nginx via my repo for the first time.)
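
Because the postfix step re-downloads /nginx/nginx.conf on every run, local hardening edits in that file can be lost. The wrapper below is an added example, not part of the project: it snapshots a config file around any command and keeps the backup only if the file changed. The helper names snapshot_run and restore_conf are hypothetical.

```shell
#!/bin/sh
# Added example (not the project's code): guard a config file around a
# command that may overwrite it, such as `bash build/run.sh postfix`.
# snapshot_run and restore_conf are hypothetical helper names.

# snapshot_run CONF CMD [ARGS...]
# Prints the backup path on stdout when CMD changed or removed CONF.
# Returns 0 = CONF unchanged, 3 = CONF changed (backup kept), 1 = error.
snapshot_run() {
    conf=$1; shift
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    backup="$conf.bak.$(date +%Y%m%d%H%M%S).$$"
    cp -p "$conf" "$backup" || return 1
    # Command output goes to stderr so stdout carries only the backup path.
    if ! "$@" >&2; then
        echo "command failed; backup kept at $backup" >&2
        echo "$backup"
        return 1
    fi
    if [ -f "$conf" ] && cmp -s "$conf" "$backup"; then
        rm -f "$backup"          # nothing changed, no backup needed
        return 0
    fi
    echo "$backup"
    return 3
}

# restore_conf CONF BACKUP: put the saved copy back in place.
restore_conf() {
    cp -p "$2" "$1"
}

# Usage on a host built as described on this page, from the repository directory:
#   bak=$(snapshot_run /nginx/nginx.conf bash build/run.sh postfix) \
#       || diff -u "$bak" /nginx/nginx.conf
#   nginx -t        # validate the resulting config before any reload
```

After reviewing the diff, either merge your changes into the new file or call restore_conf with the printed backup path, then run nginx -t before reloading.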

Nginx info.

=> Nginx Folder     = /nginx/
=> --conf-path      = /nginx/nginx.conf
=> --pid-path       = /var/run/nginx.pid 
=> --user           = nginx 
=> --group          = nginx
=> --sbin-path      = /usr/sbin/nginx
=> --error-log-path = /var/log/nginx/error.log

LUA RESTY CORE SCRIPTS = /usr/nginx_lua

How to install Lua scripts

. /root/The-World-Is-Yours/version
cd /opt/mod/; git clone https://github.com/openresty/lua-resty-lrucache.git
cd /opt/mod/lua-resty-lrucache; make install PREFIX=${LUA_SCRIPTS}
nginx -s reload

Support options.

  • No free support for how-to questions; please don't spam questions in Discord.
  • Free support is included for installation-related errors only.
  • For business inquiries regarding anti-DDoS protection or other security/optimization concerns, you can contact me at raw@dopehosting.net